The National Institute of Standards and Technology (NIST) has released its draft guidelines in regards to telecommuting protocol, a much-needed update to the federal agencies original documents drafted back in 2009.
Highlighted in the updated guidelines for telework protocol is government agencies need to establish virtual mobile infrastructure technologies, where teleworking employees would access network information through customized mobile operating systems hosted on virtual machines, and the intermediate connection is destroyed when the session ends.
According to NIST computer scientist, Murugiah Souppaya, “Organizations are realizing that many data breaches occur when attackers can steal important information from a network by first attacking computer used for telework.”
The draft guidance also encourages agencies to implement mobile device management tools, which would prevent employees from gaining access to networks or sensitive data on devices that don’t fall in line with the established security standards.
The update in NIST documents 800-46 and 800-114 offers solutions to the ever increasingly complex task of safeguarding government agencies as federal agencies shift to adapt the telecommuting trend growing increasingly popular within the private sector. The difficulty in forming a secure telework arrangement is particularly complex for federal employees who work abroad, either from an embassy or elsewhere.
Just last week, the Department of Veterans Affairs Deputy Assistant Inspector, General Brent Arronte, testified during a House Oversight subcommittee that the agency has an inconsistent implementation of security protocol. Among the various security pitfalls highlighted in Arronte’s testimony was an instance where VA employees were given the approval to work with foreign nations, and employees ‘improperly connected to the VA’s network from foreign locations’ without preparations for secure network access and used personal equipment in accessing the agency’s network.
Even within the private sector, many organizations are struggling with the challenge of employees accessing their organizations’ networks remotely.
Over the year security guidelines like that of NIST and various other initiatives have not been efficiently followed, causing a string of data breaches affecting hundreds of millions of individuals. Best security practices and procedures have been developed for good reason and NNT has been in integral stakeholder in collaborating on security best practices.
Achieving 100% security may seem impossible, but with NNT’s Change Tracker Gen7 your organization will be equipped with best in class solutions like File Integrity Monitoring, Change and Configuration Management, System Hardening & Vulnerability Management, Continuous Compliance and Breach Detection to make your IT estate as secure as possible.
Read this article on SC Magazine